^

 
 

Unit of competency details

BSBXCS404 - Contribute to cyber security risk management (Release 1)

Summary

Usage recommendation:
Current
Release Status:
Current
Releases:
ReleaseRelease date
1 1 (this release) 28/Feb/2020


Classifications

SchemeCodeClassification value
ASCED Module/Unit of Competency Field of Education Identifier 029901 Security Science  

Classification history

SchemeCodeClassification valueStart dateEnd date
ASCED Module/Unit of Competency Field of Education Identifier 029901 Security Science  08/May/2020 
The content being displayed has been produced by a third party, while all attempts have been made to make this content as accessible as possible it cannot be guaranteed. If you are encountering issues following the content on this page please consider downloading the content in its original form

Unit Of competency

Modification History

Release 

Comments 

Release 1

This version first released with BSB Business Services Training Package 6.0.

Application

This unit describes the skills and knowledge required to contribute to cyber security risk management, which includes assisting in developing and managing associated risk management strategies.

It applies to those working in a broad range of industries and job roles who work alongside technical experts to develop cyber security risk-management strategies.

No licensing, legislative or certification requirements apply to this unit at the time of publication.

Unit Sector

Digital Competence – Cyber Security

Elements and Performance Criteria

ELEMENT 

PERFORMANCE CRITERIA 

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Contribute to recommending risk management strategies that mitigate cyber security risk

1.1 Consult with stakeholders to determine scope of risk management appropriate to organisation and industry

1.2 Review relevant critical cyber risk management strategies appropriate to level of risk

1.3 Assist in developing suitable cyber security response options according to organisational policies and procedures

1.4 Present options for risk management strategies for approval within scope of own role

1.5 Document approved risk management strategies

2. Support implementation of approved risk management strategies in response to risk

2.1 Support communication of approved risk management strategies to required personnel

2.2 Contribute to monitoring cyber security risk according to selected risk management strategies

2.3 Assist in determining compliance with implemented cyber risk mitigation strategies

2.4 Address non-compliance within scope of own role and escalate where required according to organisational policies and procedures

2.5 Assist in establishing feedback processes that provide warning of potential new risks according to organisational requirements

3. Review and revise implemented risk management strategies

3.1 Identify benchmarks to track effectiveness of risk management strategies

3.2 Support evaluation of effectiveness of implemented strategies

3.3 Update risk management strategies with new information as required

Foundation Skills

This section describes those language, literacy, numeracy and employment skills that are essential to performance but not explicit in the performance criteria.

Skill 

Description 

Learning

  • Modifies behaviour following exposure to new information

Numeracy

  • Interprets mathematical data

Oral communication

  • Asks open and closed probing questions and actively listens to clarify consultations
  • Communicate proposed risk management strategies to required personnel

Reading

  • Recognises and interprets information from relevant sources to determine organisational expectations and legal requirements

Writing

  • Uses clear, specific and industry-related terminology relating to cyber security
  • Maintains and updates a range of documents, including risk registers and incident response plans

Planning and organising

  • Manages incident response plans

Teamwork

  • Works collaboratively with interdisciplinary teams develop cyber risk management strategies

Technology

  • Uses appropriate technology platforms to assist with cyber security risk management

Unit Mapping Information

No equivalent unit. New unit.

Links

Companion Volume Implementation Guide is found on VETNet: - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2

 

Assessment requirements

Modification History

Release 

Comments 

Release 1

This version first released with BSB Business Services Training Package 6.0.

Performance Evidence

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

  • contribute to developing and implementing risk management strategies that control two different identified cyber security risks and document the response option applied to each risk
  • support evaluation of effectiveness of each implemented strategy.

Knowledge Evidence

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

  • legislative and regulatory requirements relating to contributing to cyber security risk management, including:
  • data protection legislation
  • notifiable data breach legislation
  • Australian privacy laws
  • established international legislation
  • key risk management strategies, including:
  • regular organisational training
  • regular threat assessment
  • cyber security incident response plan
  • clear escalation routes
  • organisational policies and procedures, including for:
  • analysing and reviewing risk management methodologies
  • developing communications plans
  • evaluating effectiveness of risk management strategies
  • monitoring cyber risk
  • reviewing currency of risk register
  • industry-specific knowledge of suitable procedures for applying risk management strategy
  • guidelines required for updating technology
  • business process design principles in relation to risk management
  • reporting mechanisms for tracking organisational cyber security maturity.

Assessment Conditions

Skills must be assessed in a workplace or simulated environment where conditions are typical of a work environment requiring cyber secure practices, processes and procedures.

Access is required to:

  • information and data sources relating to cyber security
  • device with active internet connection
  • internet browser
  • industry standards, organisational procedures, and legislative requirements required to demonstrate the performance evidence.

Assessors of this unit must satisfy the requirements for assessors in applicable vocational education and training legislation, frameworks and/or standards.

Links

Companion Volume Implementation Guide is found on VETNet: - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2